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© In a first processing mode for a first communica- 
tion request, a communication processing unit (20) 
responds to a communication request signal from a 
communication terminal (10) to acquire an authen- 
tication key Ka corresponding thereto from a storage 
(30), generates pieces of enciphered authentication 
information Xai and Xbi enciphered by the authen- 
tication key Ka of the communication terminal and 
an authentication key Kb of the communication pro- 
cessing unit, respectively, and random information Yi 
and transmits these pieces of information Xai, Xbi 
and Yi as an authentication request signal to the 
communication terminal. The communication termi- 
nal sends, as an authentication response signal, in- 
formation Ka[Yi] obtained by enciphering the re- 
ceived random information Yi with the authentication 
key Ka, back to the communication processing unit, 
and at the same time, the communication terminal 
stores the received enciphered pieces of authentica- 
tion information Xai and Xbi. The communication 
processing unit verifies the authentication response 



signal by use of the authentication key Ka. 

In a second processing mode, the communica- 
tion terminal transmits previous enciphered authen- 
tication information Xb(i-1) as a communication re- 
quest signal to the communication processing unit 
and deciphers previous information Xa(i-1) to gen- 
erate an authentication key Kci. The communication 
processing unit deciphers the received enciphered 
authentication information Xbi to generate a deci- 
■ phered authentication key Kci and transmits to the 
communication terminal an authentication request 
signal containing newly generated pieces of enci- 
phered authentication information Xai and Xbi and 
the random information Yi. The communication ter- 
minal stores the received pieces of enciphered au- 
thentication information Xai and Xbi and enciphers 
the random information Yi by the authentication key 
Kci and sends it as an authentication response sig- 
nal KcifYi] to the communication processing unit, 
which verifies the authentication response signal by 
the deciphered authentication key Kci. 
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BACKGROUND OF THE INVENTION 

The present invention relates to a communica- 
tion processing unit, represented by a base station 
or card reader in a mobile telecommunication sys- 
tem or IC card system, for instance, authenticates 
a communication terminal which is connected 
thereto, such as a terminal or IC card, when the 
communication processing unit grants a service 
requested by the communication terminal. The in- 
vention also pertains to a communication terminal 
and a communication processing unit using the 
authentication method. 

Figs. tA and 1B show, by way of example, 
systems to which the present invention is applied. 
In Fig. 1A, each communication terminal 10 is 
connected via a communication channel 40 to a 
communication processing unit 20, which is con- 
nected via a communication channel 50 to a mem- 
ory 30. The communication channel 40 is a radio 
or wired channel. When the communication chan- 
nel 40 is a radio channel, the system is, for exam- 
ple, a mobile telecommunication system, in which 
case the communication terminal 10 is a mobile 
station or portable station and the communication 
processing unit 20 is a base station or switching 
center. For instance, in the case of a personal 
communication system using an ordinary terminal, 
the communication channel 40 is a wired channel 
and the communication terminal 10 is a combina- 
tion of a registered IC card owned by a user and a 
telephone set into which the user inserts the IC 
card to receive his requested service, and the 
communication processing unit 20 is an exchange 
or switch. In these cases, the communication pro- 
cessing unit grants requested communication ser- 
vices after authenticating the validity of the mobile 
station, the portable station and the user. As de- 
picted in Fig. 1B, in an IC card system, the com- 
munication terminal 10 corresponds to an IC card 
and the communication processing unit 20 a card 
reader which reads out and writes data in the IC 
card inserted thereinto. The card reader grants a 
service using the IC card after making a check to 
see if the IC card inserted thereinto is valid. 

Fig. 2 shows an authentication method that has 
been used in these systems. The communication 
terminal 10 is a terminal such as a telephone, 
mobile station, portable station or IC card. The 
communication processing unit 20 is a base station 
or exchange in a mobile telecommunication sys- 
tem, for example, or an IC card reader. The mem- 
ory 30 is, for instance, a database which stores 
information on the communication terminal 10 re- 
presented by its authentication key. In the following 
description an expression in the form of A[B] will 
mean a computation for enciphering information B 
by a key A, and to decode a signal A[B] will mean 



to obtain information B through computation using 
the key A. 

The communication terminals are each preas- 
signed identification information ID and a secret 
5 authentication key Ka, and the authentication key 
Ka of each communication terminal 10 is prestored 
in the memory 30 in correspondence with the iden- 
tification information ID. At first, the communication 
terminal 10 transmits a service request signal SR1 

10 containing the identification information ID (step 
S1). This corresponds to, for example, the trans- 
mission of a call originating signal from a portable 
station used as the communication terminal 10 
when it originates a calk Upon receiving the service 

75 request signal SR1 , the communication processing 
unit 20 sends the signal SR1 to the memory 30 
and requests it to send the authentication key Ka 
for authenticating the communication terminal 10, 
"that is, the same authentication key Ka as that 

20 which the communication terminal 10 stores in 
secrecy (step S2). The memory 30 reads out the 
requested authentication key Ka from the identifica- 
tion information ID in the received service request 
signal SR1 and sends it to the communication 

25 processing unit 20 (step S3). Upon receiving the 
authentication key Ka from the memory 30, the 
communication processing unit 20 generates a ran- 
dom number R1 in step S4 and transmits it as an 
authentication request signal to the communication 

30 terminal 10 in step S5. Having received the random 
number R1, the communication terminal 10 enci- 
phers the random number R1 by use of the au- 
thentication key Ka in step S6 and returns the 
enciphered signal Ka[R1] as an authentication re- 

35 sponse signal to the communication processing 
unit 20 in step S7. Then, in step S8 the commu- 
nication processing unit 20 deciphers the signal 
Ka[R1], using the authentication key Ka (step 8a) 
and checks the deciphered signal R1 with the 

40 random number R1 previously transmitted to the 
communication terminal 10 (step 8b). When they 
match, the communication processing unit 20 de- 
cides that the communication terminal 10 is a valid 
user, and authorizes the requested service to start. 

45 For instance, also in the case where a second 

service request for handover during communication 
or hand off during conversation is made during the 
above-mentioned service, or in the case of the 
second service being made after the above-said 

so service is finished, a second service request signal - 
SR2 containing the identification information ID is 
sent to the communication processing unit 20 (step 
S1 1), after which the communication terminal 10 is 
authenticated using exactly the same procedure 

55 (steps S12 through S18) as that for the first service 
request signal SR1. 

With the above-described prior art, upon each 
occurrence of a service request, the communica- 
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tion processing unit 20 needs to acquire the au- 
thentication key Ka from the memory 30, and 
hence the authentication process takes much time 
accordingly -- this leads to a defect that the delay 
accompanying the start of communication or chan- 
nel connection increases. 

SUMMARY OF THE INVENTION 

It is an object of the present invention to pro- 
vide an authentication method which permits re- 
duction of the time for authentication processing in 
response to second and subsequent service re- 
quests and a communication terminal and a com- 
munication processing unit which utilize the authen- 
tication method. 

The authentication method according to the 
present invention has a first processing mode for 
executing an authentication process in response to 
a first communication request and a second pro- 
cessing mode for executing an authentication pro- 
cess in response to each of second and subse- 
quent communication request. 

In the first processing mode, the communica- 
tion processing unit responds to a communication 
request signal from a communication terminal to 
acquire the authentication key Ka corresponding 
thereto from a memory and, at the same time, the 
communication processing unit generates enci- 
phered authentication information Xbi enciphered 
using its authentication key Kb and random in- 
formation Yi and transmits these pieces of informa- 
tion Xbi and Yi as an authentication request signal 
to the communication terminal. The communication 
terminal enciphers the received random information 
Yi by the authentication key Ka to obtain informa- 
tion Ka[Yi] and sends it as an authentication re- 
sponse signal back to the communication process- 
ing unit and, at the same time, the communication 
terminal stores the received enciphered authentica- 
tion information Xbi. The communication process- 
ing unit verifies the authentication response signal, 
using the authentication key Ka. 

In the second processing mode, the commu- 
nication terminal transmits to the communication 
processing unit a communication request signal 
containing the previously stored enciphered au- 
thentication information Xbi. The communication 
processing unit deciphers the enciphered authen- 
tication information Xbi to generate a deciphered 
authentication key Kci and, at the same time, trans- 
mits to the communication terminal an authentica- 
tion request signal containing newly generated ran- 
dom information Yi. The communication terminal 
enciphers the received random information Yi by 
the authentication key Kci and sends it as an 
authentication response signal back to the commu- 
nication processing unit, which verifies the authen- 



tication response signal, using the deciphered au- 
thentication key Kci. 

According to the present invention, since the 
authentication key that is used for processing all 
service requests is set between the communication 
terminal and the communication processing unit in 
the authentication processing for a first service 
request, the communication processing unit needs 
not to acquire the authentication key Ka from the 
memory when second and subsequent service re- 
quests are made. Hence, the present invention 
permits reduction of the time of the authentication 
process. 

BRIEF DESCRIPTION OF THE DRAWINGS 

Fig. 1A is a block diagram showing an example 
of the system to which the present invention is 
applied; * 

Fig. 1B is a block diagram of another example 
of the system to which the present invention is 
applied; 

Fig. 2 is a diagram for explaining a conventional 
authentication method; 

Fig. 3 is a flowchart showing the procedure of 
the authentication method according to a first 
embodiment of the present invention; 
Fig. 4 is a block diagram illustrating the con- 
struction of a communication terminal in Fig. 3; 
Fig. 5 is a flowchart showing the authentication 
procedure of the communication terminal shown 
in Fig. 4; 

Fig. 6 is a block diagram illustrating the con- 
struction of a communication processing unit in 
Fig. 3; 

Fig. 7 is a flowchart showing the authentication 
procedure of the communication processing unit 
depicted in Fig. 6; 

Fig. 8 is a diagram showing the authentication 
procedure in the case of the authentication 
method of Fig. 3 being applied to hand off 
during conversation; 

Fig. 9 is a flowchart showing the procedure of 
the authentication method according to a second 
embodiment of the present invention; 
Fig. 10 is a block diagram illustrating an exam- 
ple of the construction of a communication ter- 
minal depicted in Fig. 9; 

Fig. 1 1 is a flowchart showing the authentication 
procedure of the communication terminal de- 
picted in Fig. 9; 

Fig. 12 is a block diagram illustrating an exam- 
ple of the construction of a communication pro- 
cessing unit depicted in Fig. 9; 
Fig. 13 is a flowchart showing the authentication 
procedure of the communication processing unit 
depicted in Fig. 9; 
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Fig. 14 is a diagram showing the authentication 
procedure in the case of the authentication 
method of Fig. 9 being applied to a handover 
during communication or conversation; 
Fig. 15 is a flowchart showing the procedure of 
the authentication method according to a third 
embodiment of the present invention; 
Fig. 16 is a diagram showing the authentication 
procedure in the case of the authentication 
method of Fig. 15 being applied to a handover 
during communication or conversation; and 
Fig. 17 is a flowchart illustrating the procedure 
based on the basic principles of the authentica- 
tion method according to the present invention. 

DESCRIPTION OF THE PREFERRED EMBODI- 
MENTS 

Fig. 3 is explanatory of a basic embodiment of 
the authentication method according to the present 
invention. The communication terminal 10, the 
communication processing unit 20 and the memory 
30 correspond to those in the communication sys- 
tem shown in Fig. 1A or the IC card 10, the card 
reader 20 and the memory (database) 30 in the IC 
card system depicted in Fig. 1B. Also in the 
present invention, each communication terminal 10 
is preassigned a different identification information 
ID and a different secret key Ka, and the memory 
30 prestores the authentication key Ka correspond- 
ing to the identification information ID. In the 
present invention each communication processing 
unit 20 has an authentication key Kb common to 
the other communication processing units. The au- 
thentication method according to the present inven- 
tion has two processing modes. A first processing 
mode is a processing mode for the signal SR1 of 
the first service request (a service request 1) and a 
second processing mode is a processing mode for 
the signals SR2, SR3, ... of second and subsequent 
service requests (a service request signal SR2, a 
service request 3 and so on). 

A description will be given first of the first 
processing mode. In Fig. 3, the communication 
terminal 10 first transmits the service request sig- 
nal SR1 containing the identification information ID 
(step S1). This corresponds to, for instance, the 
transmission of a call originating signal from the 
portable station as the communication terminal 10 
when it originates a call. Upon receiving the service 
request signal SR1, the communication processing 
unit 20 transfers it to the memory 30 (step S2) to 
request it for the authentication key Ka for authen- 
ticating the communication terminal 10, that is, the 
same authentication key Ka as that which the com- 
munication terminal is storing in secrecy. The 
memory 30 uses the identification information ID in 
the received signal SR1 to read out the corre- 



sponding authentication key Ka and transmits it to 
the communication processing unit 20 (step S3). 
Upon receiving the authentication key Ka from the 
memory 30, the communication processing unit 20 
5 generates the random number R1 and enciphers 
the received authentication key Ka by the authen- 
tication key Kb in step S4, after which the commu- 
nication processing unit 20 transmits the enci- 
phered signal Kb[Ka] and the random number R1, 

70 as an authentication request signal, to the commu- 
nication terminal 10 in step S5. The process of 
generating the random number R1 in step S4 may 
be performed at any time in the period from the 
reception of the service request signal SR1 to the 

75 transmission of the random number R1 in step S5. 
Upon receiving the enciphered signal Kb[Ka] and 
the random number R1, the communication termi- 
nal 10 stores the signal Kb[Ka] and enciphers the 
received random number R1 by the authentication 

20 key Ka in step S6 and, in step S7, sends the 
enciphered signal Ka[R1] as an authentication re- 
sponse signal back to the communication process- 
ing unit 20. Then, the communication processing 
unit 20 verifies the validity of the response signal 

25 Ka[R1], using the authentication key Ka and the 
random number R1 (step S8). The verification in 
step S8 is conducted by deciphering the received 
response signal Ka[R1] by the authentication key 
Ka and matching the deciphered signal R1 with the 

30 random number R1 sent to the communication 
terminal 10. Alternatively, the random number R1 
sent to the communication terminal 10 is enci- 
phered by use of the authentication key Ka and the 
enciphered signal Ka[R1] is matched with the re- 

35 sponse signal Ka[R1] received from the commu- 
nication terminal 10. These two methods are equiv- 
alent to each other, and hence either of them may 
be used. If it is found that the both signals match, 
then the communication processing unit decides 

40 that the communication terminal 10 is a valid sub- 
scriber, and starts a communication connecting 
process (the requested service). This is the authen- 
tication procedure in the first processing mode. 
Next, the second processing mode will be de- 

45 scribed. This is processing that is performed, for 
example, in the case where the communication 
terminal 10 makes a second service request for a 
handover (channel switching during communica- 
tion) in the middle of the communication connected 

so in the first processing mode or after completion of 
the communication service in the first processing 
mode. The communication terminal 10 transmits, 
as a service request signal SR2, a signal containing 
the enciphered signal Kb[Ka] stored in the afore- 

55 mentioned step S6 and a mode specifying signal M 
which indicates the second processing mode (step 
S11). The communication processing unit 20 re- 
ceives the service request signal SR2 and when it 
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recognizes from the mode specifying signal M in 
the signal SR2 that the service request from the 
communication terminal 10 is a service request in 
the second processing mode, the communication 
processing unit 20 deciphers the signal Kb[Ka] by 
use of the authentication key Kb to obtain the 
authentication key Ka and generates a random 
number R2 (step S12) and transmits the random 
number R2 as an authentication request signal to 
the communication terminal 10 (step S13). Upon 
receiving the authentication request signal, the 
communication terminal 10 generates a signal Ka- 
[R2] by enciphering the random number R2 with 
the authentication key Ka (step S14) and sends it 
as an authentication response signal back to the 
communication processing unit 20 (step S15). As in 
the verification step S8 of the first processing 
mode, the communication processing unit 20 veri- 
fies the validity of the response signal Ka[R2] by 
use of the authentication key Ka and the random 
number R2 (step S16). That is, the signal Ka[R2] is 
deciphered by the authentication key Ka and the 
deciphered signal R2 is matched with the random 
number R2 previously transmitted to the commu- 
nication terminal 10; alternatively, the random num- 
ber R2 generated in step S12 is enciphered by the 
authentication key Ka and the enciphered signal 
Ka[R2] is matched with the response signal Ka[R2] 
received from the communication terminal 10. If 
they match, then it is decided that the communica- 
tion terminal 10 is a valid subscriber, and the 
requested communication service is initiated. 

When the communication terminal 10 further 
transmits third and subsequent service signals 
SR3, SR4, signal processing is performed fol- 
lowing the same procedure as that of the second 
processing mode described above. 

Fig. 4 illustrates, in block form, an example of 
the construction of the communication terminal 10 
in the Fig. 3 embodiment. The communication ter- 
minal 10 is formed as an IC card, for instance, and 
has an I/O interface 13, a computation part 14, a 
memory 15 and a control part 16, which are inter- 
connected via a bus 17. The communication termi- 
nal 10 further has a transmitting part 11 and a 
receiving part 12 both connected to the I/O inter- 
face 13 for signal transmission and reception be- 
tween it and the communication processing unit 20. 
In Fig. 4, a display 18 is shown to be connected to 
the I/O interface 13, but when the communication 
terminal 10 is an IC card, the display 18 may also 
be provided on, for example, a terminal set into 
which the IC card is inserted. 

The memory 15 has an area 15A for storing 
the authentication key Ka and the identification 
information ID preassigned to the communication 
terminal 10, an area 15B for temporarily storing 
data such as the received enciphered signal Kb[Ka] 
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and the results of computation, an area 15C in 
which an overall authentication procedure in the 
communication terminal 10 (the procedure de- 
scribed later with respect to Fig. 5) is described, 
5 and an area 15D which has stored therein a pro- 
gram for enciphering the received random number 
by the authentication key Ka. The control part 16 
performs signal processing using the procedure 
described in the area 15C and the computation part 
io 14 performs the computation for generating the 
enciphered signal Kb[Ka] using the computation 
procedure in the area 15D. 

Fig. 5 shows an example of the procedure 
stored in the memory area 15C in Fig. 4 which is 
75 performed by the communication terminal 10. 

When a user conducts an operation for re- 
questing the communication terminal 10 to provide 
a service by, for example, inserting the IC card into 
a mobile station or portable station, the commu- 
20 nication terminal 10 reads out the stored contents 
of the memory area 15B in step S1. Upon receiving 
the service request, the communication terminal 10 
makes a check in step S2 to see if it has already 
stored in the memory area 15B the enciphered 
25 signal Kb[Ka] received from the communication 
processing unit 20. If not, then the communication 
terminal 10 concludes that the first processing 
mode should be executed, and it proceeds to step 
S3. 

30 In step S3 the communication terminal 10 gen- 

erates the first service request signal SR1 contain- 
ing the user identifying information ID and a mode 
signal M1 indicating the first processing mode and 
transmits the signal SR1 to the communication 

35 processing unit 20, then entering an authentication 
request wait state in step S4. Upon receiving the 
random number R1 and the enciphered signal Kb- 
[Ka] as an authentication request signal from the 
communication processing unit 20 in step S5, the 

40 communication terminal 10 stores the signal Kb[Ka] 
in the memory area 15B and generates a signal 
Ka[R1] by enciphering the random number R1 with 
the authentication key Ka in the computation part 
14 in step S6. In the next step S7 the communica- 

45 tion terminal 10 transmits the signal Ka[R1] as the 
authentication response signal to the communica- 
tion processing unit 20, and in step S8 the commu- 
nication terminal 10 enters a service response wait- 
ing state. When the communication processing unit 

so 20 concludes that the authentication response sig- 
nal Ka[R1] is valid, it starts a call connection pro- 
cess, and upon receiving a service response in 
step S9, the communication terminal 10 goes into a 
service receiving state. In the case where the com- 

55 munication processing unit 20 concludes that the 
authentication response signal Ka[Rl ] is invalid, the 
communication terminal 10 receives an authentica- 
tion error signal from the communication process- 
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ing unit 20 in step S10, then erases the data Kb- 
[Ka] in the memory area 15B in step S11 and 
provides an authentication error display on the dis- 
play 18 in step S12. When the authentication error 
display is produced, there is the possibility of the 
communication terminal 10 being faulty or forged; 
hence the user is supposed to report the abnormal- 
ity of the communication terminal 10 to a manage- 
ment center of the communication system. 

When it is found in step S2 that the commu- 
nication terminal 10 holds the signal Kb[Ka] from 
the communication processing unit 20 in the mem- 
ory area 15B, the communication terminal 10 con- 
cludes that the second processing mode should be 
executed, and then proceeds to step S13. 

In step S13 the communication terminal 10 
generates the second service request signal SR2 
containing a mode signal M2 indicating the second 
processing mode and the signal Kb[Ka] held in the 
memory area 15B and sends it to the communica- 
tion processing unit 20, after which the terminal 10 
goes into an authentication request waiting state in 
step S14. When receiving a random number R2 as 
an authentication request signal from the commu- 
nication processing unit 20 in step S15, the com- 
munication terminal 10 generates an enciphered 
signal Ka[R2] by enciphering the random number 
R2 under the authentication key Ka in step S16 
and transmits the signal Ka[R2] as an authentica- 
tion response signal to the communication process- 
ing unit 20 in step S17. In step S18 the commu- 
nication terminal 10 enters a state of waiting for a 
service response from the communication process- 
ing unit 20. 

When the communication processing unit 20 
concludes that the authentication response signal 
Ka[R2] is valid, the communication terminal 10 
receives the service response in step S19, entering 
the service receiving state. When the communica- 
tion processing unit concludes that the authentica- 
tion response signal Ka[R2] is invalid, it transmits 
an authentication error signal to the communication 
terminal 10. Upon receiving the authentication error 
signal in step S20, the communication terminal 10 
erases the signal Kb[Ka] in the memory area 15B 
in step S21 and then returns to step S1 to repeat 
the process. Since the signal Kb[Ka] in the mem- 
ory area 1 5B has already been erased at this time, 
the first processing mode is executed. 

Fig. 6 illustrates, in block form, the construction 
of the communication processing unit 20 in the Fig. 
3 embodiment. The basic construction of the com- 
munication processing unit 20 is similar to the 
construction of the communication terminal 10 de- 
picted in Fig. 4. The communication processing 
unit 20 has, for instance, an I/O interface 23, a 
computation part 24, a memory 25 and a control 
part 26, which are interconnected via a bus 27. The 



communication processing unit 20 further has a 
transmitting part. 21 and a receiving part 22 both 
connected to the I/O interface 23 for signal trans- 
mission and reception between it and the commu- 
5 nication processing unit 20. The memory 25 has: 
an area 25A for storing the authentication key Kb 
common to all the communication processing units 
20 of the system; an area 25B for temporarily 
storing data such as the enciphered signal Kb[Ka] 

w and the random number generated by the commu- 
nication processing unit 20 and the authentication 
key Ka received from the communication terminal 
10; an area 25C which has described therein an 
overall authentication procedure of the communica- 

75 tion processing unit 20 (the procedure described 
later in connection with Fig. 7); an area 25D which 
has stored therein a program for enciphering the 
authentication key Ka received from the commu- 
nication terminal 10 under the common authentica- 

20 tion key Kb through computation; an area 25E 
which has stored therein a deciphering computation 
program for deciphering the authentication re- 
sponse signal Kb[Ka] to obtain the key Ka; an area 
25F which has stored therein a random number 

25 generating computation program; and an area 25G 
which has stored therein a verification program for 
verifying the validity of the authentication response 
signal. The control part 26 performs signal pro- 
cessing using the procedure described in the 

30 memory area 25C. The computation part 24 re- 
sponds to an instruction from the control part 26 to 
perform an enciphering computation for generating 
the enciphered signal Kb[Ka] following the com- 
putation procedure in the memory area 25D or 

35 deciphering computation following the computation 
procedure in the memory area 25E, generates the 
random number using the computation procedure 
in the memory area 25F and verifies the authen- 
tication response signal using the computation pro- 

40 cedure in the memory area 25G. 

Fig. 7 shows an example of the authentication 
procedure stored in the memory area 25C in Fig. 6 
which is executed by the communication process- 
ing unit 20. 

45 Upon receiving a service request signal SR 

from the communication terminal 10 in step S1, the 
communication processing unit 20 determines in 
step S2 if the mode specifying signal M in the 
signal SR indicates the first or second processing 

so mode. If the first processing mode is indicated, 
then the communication processing unit 20 sends 
the service request signal SR containing the iden- 
tification information ID to the memory 30 in step 
S3, after which it waits for the return therefrom the 

55 authentication key Ka corresponding to the com- 
munication terminal 10 in step S4. When receiving 
the authentication key Ka corresponding to the 
identification information ID from the memory 30 in 



7 



11 



EP 0 604 91 1 A2 



12 



step S5, the communication processing unit 20 
stores it in the memory area 25B. In the next step 
S6 the communication processing unit 20 gen- 
erates the enciphered signal Kb[Ka] by enciphering 
the authentication key Ka under the authentication 5 
key Kb in the computation part 24 using the enci- 
phering procedure described in the memory area 
25D, the enciphered signal Kb[Ka] being stored in 
the memory area 25B. In the next step S7 the 
communication processing unit 20 transmits a set 70 
of the enciphered signal Kb[Ka] and the random 
number R1, as an authentication request signal, to 
the communication terminal 10 and in step S8 
waits for an authentication response therefrom. 
Upon receiving the authentication response signal 75 
Ka[R1] from the communication terminal 10 in step 
S9, the communication processing unit 20 re- 
sponds to an instruction from the control part 26 in 
step S10 to determine if the authentication re- 
sponse signal Ka[R1] is valid, by the computation 20 
part 24 using the procedure described in the mem- 
ory area 25G. If the authentication response signal 
Ka[R1] is valid, the communication processing unit 
20 transmits a service response signal to the com- 
munication terminal 10 in step S11, entering a 25 
service state. If the authentication response signal 
Ka[R1] is found invalid, then the communication 
processing unit 20 sends the authentication error 
signal to the communication terminal 10 in step 

512 and goes into the initial state. 30 
In the case where the mode specifying signal 

M indicated the second processing mode in step 
S2, the service request is an i-th (where i £ 2) or 
subsequent service request and the service re- 
quest signal SR contains the enciphered signal Kb- 35 
[Ka] returned from the communication terminal 10, 
which is stored in the memory area 25B. In step 

513 the computation part 24 responds to an in- 
struction from the control part 26 to generate a 
random number Ri following the random number 40 
generating procedure described in the memory 
area 25F. In step S14 the communication process- 
ing unit 20 sends the random number Ri as the 
authentication request signal to the communication 
terminal 10 and, in step S15, waits for an authen- 45 
tication response signal therefrom. Upon receiving 

the authentication response signal Ka[Ri] in step 
S16, the communication processing unit 20 verifies 
the validity of the authentication response signal 
Ka[Ri] in step S17 following the procedure stored 50 
in the memory area 25G. If the authentication re- 
sponse signal Ka[Ri] is found valid, then the com- 
munication processing unit 20 sends a service re- 
sponse signal to the communication terminal 10 in 
step S18 and enters the service state. When the 55 
signal Ka[Ri] is found invalid, the communication 
processing unit 20 sends the authentication error 
signal to the communication terminal 10 in step 



S19 and returns to the initial state. 

As referred to previously with respect to Fig. 3, 
two methods can be used to verify the validity of 
the authentication response signal Ka[Ri] in steps 
S10 and S17 shown in Fig. 7. According to one of 
the two methods, the random number Ri is ob- 
tained by deciphering the authentication response 
signal Ka[Ri] under the authentication key Ka 
stored in the memory area 25B and it is deter- 
mined that the authentication response signal is 
valid when the deciphered signal Ri matches the 
counterpart Ri stored in the memory area 25B. 
According to the other method, a signal Ka[Ri] is 
generated by enciphering the random number Ri 
under the authentication key Ka through use of the 
authentication key Ka and the random number Ri 
stored in the memory area 25B and it is deter- 
mined that the authentication response signal Ka- 
[Ri] is valid when the enciphered signal Ka[Ri] 
matches it. These two methods are equivalent to 
each other and either of them may be used. 

Fig. 8 shows an authentication procedure for 
use in the case of applying the Fig. 3 embodiment 
to a channel switching during communication (han- 
dover) in mobile telecommunication. A mobile sta- 
tion 10 corresponds to the communication terminal 
10. A base station 20a with which the mobile sta- 
tion 10 is in communication (which base station will 
hereinafter be referred to as a current base station) 
and a base station 20b to which the mobile station 
10 is switched (which base station will hereinafter 
be referred to as a new station) correspond to the 
communication processing unit 20 in Fig. 3. The 
base stations each have a common authentication 
key Kb. A data base 30 corresponds to the storage 
30 in Fig. 3. The base stations 20a and 20b belong 
to a switching center 60. In this example, a call 
originating process corresponds to the first pro- 
cessing mode and a handover (channel switching 
during communication) the second processing 
mode. 

At first, the terminal 10 transmits a cell originat- 
ing signal SR1 containing its identification informa- 
tion ID to the base station 20a in a radio zone to 
which the base station 20a belongs. The signal 
SR1 corresponds to the first service request signal 
SR1 from the communication terminal 10 in Fig. 3. 
Thereafter, authentication is carried out using the 
same procedure as that of the first processing 
mode M1 described previously with reference to 
Fig. 3 and then the requested communication ser- 
vice is started. When the mobile terminal 10 moves 
out of the current radio zone and into another to 
which te base station 20b belongs, the handover is 
performed so as to continue communication. In this 
case, in order that the terminal 10 detects the zone 
switching and performs the handover, the terminal 
10 transmits to the new base station 20b a han- 
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clover request signal SR2 containing the signal Kb- 
[Ka] stored by the terminal 10. The new base 
station 20b deciphers the handover request signal 
SR2 to obtain the authentication key Ka and gen- 
erates the random number R2, which are sent as 
an authentication request signal to the terminal 10. 
The terminal 10 transmits, as an authentication 
response signal, the signal Ka[R2] obtained by 
enciphering the random number R2 under the au- 
thentication key Ka, to the new base station 20b. 
Upon completion of the authentication, the new 
base station 20b sends a handover acceptance 
signal to the terminal 10, which recognizes there- 
from completion of the authentication procedure. 

In the above, the mode specifying signal M for 
distinguishing between the first and second pro- 
cessing modes may be inserted in the signal that 
is sent from the terminal 10 to the communication 
processing unit 20; alternatively, the first and 'sec- 
ond processing modes may be distinguished ac- 
cording to the presence or absence of the signal 
Kb[Ka]. While in the above embodiments the termi- 
nal identifying information ID has been described to 
be held in the terminal 10, it is also possible that 
the user inputs the identification information ID into 
the terminal when using it. 

As described above, according to the Fig. 3 
embodiment, in the case of executing the first 
processing mode for the first service request, once 
the communication processing unit 20 reads out 
the authentication key Ka from the storage 30, it 
needs not to access the storage 30 in the second 
processing mode for the second and subsequent 
service requests, and hence the processing time 
can be reduced. Incidentally, the Fig. 3 embodi- 
ment always employs the same enciphered signal 
Kb[Ka], as the service request signal for the sec- 
ond and subsequent service requests. Such a re- 
peated use of the same information is not prefer- 
able, because it incurs possibility of the authentica- 
tion keys Ka and Kb being deciphered in the event 
that communication between the communication 
terminal 10 and the communication processing unit 
20 is wiretapped. Fig. 9 shows a basic procedure 
of an authentication method which deviates this 
defect of the Fig. 3 embodiment. 

The embodiment of the authentication method 
shown in Fig. 9 also uses two processing modes as 
is the case with Fig. 3. The first processing mode 
is a mode of processing for the first service re- 
quest signal SR1, and the second processing 
mode is a mode of processing for second and 
subsequence service request signals SR2, SR3, ... 
Also in this embodiment, the communication termi- 
nals 10 are each preassigned the authentication 
key Ka and the identification information ID that are 
unique to the terminal 10, and the storage 30 has 
stored therein the authentication key Ka corre- 



sponding to the identification information ID of each 
communication terminal 10. The respective com- 
munication processing units 20 are preassigned a 
common authentication key Kb. 

s In the first processing mode, the communica- 

tion terminal 10 first transmits the service request 
signal SR1 containing the identification information 
ID to the communication processing unit 20 (step 
S1). The communication processing unit 20 sends 

w the signal SR1 to the storage 30 (step S2), request- 
ing the authentication key Ka that is used to au- 
thenticate the communication terminal 10. The stor- 
age 30 reads out the authentication key Ka cor- 
responding to the identification information ID in 

75 the signal SR1 and sends it back to the commu- 
nication processing unit 20 (step S3). Upon receiv- 
ing the authentication key Ka from the storage 30, 
the communication processing unit 20 stores it in 
step S4 and, at the same time, generates a pair of 

20 random numbers R1i and RI2 and further gen- 
erates, through computation, a signal Ka[R1i] into 
which the random number R1i has been enci- 
phered by the authentication key Ka and a signal 
Kb[R1i] into which the random number R1i has 

25 been enciphered by the authentication key Kb of 
the communication processing unit 20. 

In step S5 the communication processing unit 
20 transmits these enciphered signals to the com- 
munication terminal 10 together with the random 

30 number R1 2 . The computation for generating the 
pair of random numbers R1i and RI2 in step S4 
may conducted at any time from the time after the 
reception of the service request signal SR1 to the 
time prior to the enciphering of the random number 

35 R1i. When receiving the enciphered signals Ka- 
[R1i] and Kb[R1i] and the random number RI2, 
the communication terminal 10 stores therein the 
signals Ka[R1i] and Kb[R1i] in step S6 and, at the 
same time, obtains a signal Ka[Rl2] by enciphering 

40 the received random number R1 2 under the au- 
thentication key Ka. Next, the communication ter- 
minal 10 returns the enciphered signal Ka[Rl2] as 
an authentication response signal to the commu- 
nication processing unit 20 in step S7. The com- 

45 munication processing unit 20 verifies the validity 
of the authentication response signal Ka[Rl 2 ] using 
the authentication key Ka and the random number 
RI2 in step S8. In this case, two method can be 
used for this authentication as referred to pre- 

50 viously in respect of the Fig. 3 embodiment. That 
is, the authentication response signal Ka[R1 2 ] is 
deciphered by the authentication key Ka to obtain 
the random number RI2, which is matched with the 
random number RI2 previously sent to the commu- 

55 nication terminal 10. Alternatively, the signal Ka- 
[RI2] obtained by enciphering under the authen- 
tication key Ka the random number RI2 sent to the 
communication terminal 10 is matched with the 
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'Signal Ka[Rl2] received from the communication 
terminal 10. If they match, it is concluded that the 
communication terminal 10 is a valid subscriber, 
and the requested service is initiated. This is the 
authentication procedure in the first processing 
mode. 

Next, the second processing mode will be de- 
scribed. This corresponds to the processing that is 
needed, for instance, in the case of a second 
service request being made after completion of the 
communication service connected in the first pro- 
cessing mode, or the case of a second service 
request such as a handover being made during the 
communication service connected in the first pro- 
cessing mode. The communication terminal 10 
transmits the second service request signal SR2 in 
step S11. The signal SR2 contains the mode speci- 
fying signal M indicating the second processing 
mode and the signal Kb[R1i] that the communica- 
tion terminal 10 received and stored therein during 
the processing for the previous service request 
signal SR1 in the first processing mode. In step 
S12 the communication terminal 10 obtains the 
random number RTi by deciphering under its au- 
thentication key Ka the signal Ka[R1i] stored in 
step S6 in the first processing mode. The random 
number R^ is used as a temporary authentication 
key Kc for the current service request. 

Incidentally, in the Fig. 9 embodiment, upon 
commencement of the service request in the sec- 
ond processing mode, the temporary authentication 
key Kc to be used for the authentication processing 
responsive to the service request is updated as 
shown in step S12, but it is also possible that in the 
authentication processing for the immediately pre- 
ceding service request, the authentication key Kc is 
updated in preparation for the next service request 
after step S5 as in step S9 indicated by the broken 
line in the first processing mode in Fig. 9, for 
instance. In such a case, the authentication key Kc 
is pre-updated for use in the authentication pro- 
cessing for the next service request, in the broken- 
lined step S19 after step S17 in the second pro- 
cessing mode. 

On the other hand, when the communication 
processing unit * 20 recognizes from the mode 
specifying signal M in the received service request 
signal SR2 that the service request is a request in 
the second processing mode, it obtains the random 
number R1i by deciphering the signal Kb[R1 1 ] in 
the received signal SR2 through use of the authen- 
tication key Kb in step S13 and stores the random 
number R1i as the temporary authentication key 
Kc for the current service request. Then in step 
S14 the communication processing unit 20 gen- 
erates a pair of random numbers R2i and R2 2 and, 
further, generates a signal Kc[R2i ] by enciphering 
the random number R2i under the temporary au- 



thentication key Kc and a signal Kb[R2i] by enci- 
phering the random number R2i under the authen- 
tication key Kb. Next, in step S15 the communica- 
tion processing unit 20 transmits these enciphered 

5 signal as an authentication request signal to the 
communication terminal 10, together with the ran- 
dom number R2 2 . Upon receiving the authentica- 
tion request signal, the communication terminal 10 
stores the received signals Kc[R2i ] and Kb[R2i ] in 

io step S16 and enciphers the received random num- 
ber R2 2 using the temporary authentication key Kc 
created in step S12, thereafter sending the enci- 
phered random signal Kc[R2 2 ] as an authentication 
response signal back to the communication pro- 

75 cessing unit 20 in step S17. The communication 
processing unit 20 verifies the validity of the re- 
ceived response signal Kc[R2 2 ] in step S18. That 
is, the signal Kc[R2 2 ] is deciphered using the tem- 
porary authentication key Kc obtained in step S13 

20 and the deciphered signal R2 2 is matched with the 
random number R2 2 sent to the communication 
terminal 10 in step S15. Alternatively, a signal Kc- 
[R2 2 ] obtained by enciphering the random number 
R2 2 sent to the communication terminal 10, 

25 through use of the temporary authentication key Kc 
is matched with the signal Kc[R2 2 ] received from 
the communication terminal 10. If they match, the 
communication processing unit 20 concludes that 
the communication terminal 10 is a valid subscrib- 

30 er, and starts the requested communication ser- 
vice. 

Where the communication terminal 10 makes 
third, fourth, ... service requests afterward, the sec- 
ond processing mode is performed. Upon each 

35 processing for such a service request, the commu- 
nication terminal 10 obtains a signal R(i-1)i by 
deciphering the enciphered signal Kc[R(i-1)i] 
stored in step S16 in the processing for the pre- 
vious service request, in step S12 in the process- 

40 ing for the current service request and updates the 
temporary authentication key Kc to R(i-1)i. The 
communication processing unit 20 renders the one 
random number R(i-1)i created in the previous 
processing to the current temporary authentication 

45 key Kc = R(i-1)i in step S13 and then generates a 
new pair of random numbers Rhand Ri 2 . Thus, the 
temporary authentication key Kc is updated each 
time a new service request is made, but the au- 
thentication procedure is identical with the authen- 

50 tication procedure in the second processing mode 
shown in Fig. 9. As referred to previously, the 
updating of the temporary authentication key Kc in 
the processing for an i-th (where i £ 2) service 
request may be carried out immediately prior or 

55 subsequent to the authentication response step (S7 
or S17) in the processing for the preceding (i-1)th 
service request. 
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Fig. 10 illustrates, in block form, an example of 
the construction of the communication terminal 10 
in Fig. 9, which is basically identical with the termi- 
nal 10 depicted in Fig. 4. In Fig. 10 the commu- 
nication terminal .10 comprises the transmitting 
part, the receiving part 12, the I/O interface 13, the 
computation part 14, the storage 15, the control 
part 16, the bus 17 and the display 18. In the area 
15A of the storage 15 there are stored the authen- 
tication key Ka and identification information ID 
unique to the communication terminal 10. In this 
embodiment, pieces of data Kb[Rii] and Kc[Rii] 
that are received as an authentication request sig- 
nal from the communication processing unit 20 are 
stored in the storage area 15B in the processing 
corresponding to an i-th service request signal SRL 
In this instance, when i = 1, Kc = Ka, and when i 
£ 2, Kc - R(i-1 )i . In the storage area 1 5C there is 
loaded a program for executing the authentication 
procedure in the communication terminal 10 in the 
Fig. 9 embodiment that will be described below in 
connection with Fig. 11. In the storage area 15D 
there is stored a program for executing the enci- 
phering computation Kc[Ri2] in steps S6 and S16 
in Fig. 9. in the storage area 15E there is stored a 
program for executing the computation for deci- 
phering R(i-1)i from the signal Kc[R(i-1)i] in step 
S12 in Fig. 9. 

Fig. 11 illustrates an example of the authentica- 
tion procedure that the communication terminal 10 
performs in the Fig. 9 embodiment. As is evident 
from Fig. 11, this procedure is substantially the 
same as that shown in Fig. 5, except that the 
contents of information to be processed in each 
step are different from those in the Fig. 3 embodi- 
ment and that step Sl4a, which executes step S12 
for updating the temporary authentication key Kc in 
Fig. 9, is provided next to step S13 in the second 
processing mode in the Fig. 11 embodiment. 

When a service request is made, the commu- 
nication terminal 10 makes a check in step S1 to 
see if the signals KcfRii ] and Kb[Rii ] have already 
been stored as the previous authentication request 
signal in the storage area 15B. If not, the service 
request is a first request and the terminal 10 ex- 
ecutes steps S3 through S12 in the first processing 
mode. That is, in step S3 the communication termi- 
nal 10 sends the first service request signal SR1 
containing the identification information ID to the 
communication processing unit 20 and waits for an 
authentication request in step S4. Upon receiving 
the enciphered signals Ka[R1i] and Kb[Rli] and 
the random number RI2, as the authentication re- 
quest signal from the communication processing 
unit 20 in step S5, the communication terminal 10 
stores these enciphered signals in the storage area 
15B and obtains a signal Ka[Rl2] by enciphering 
the random number RI2 under the authentication 



key Ka stored in the storage area 15B in step S6. 
In step S7 the communication terminal 10 sends 
the enciphered signal Ka[R1 2 ] as an authentication 
response signal to the communication processing 
5 unit 20 and then enters a service response waiting 
state in step S8. Where it is verified in the commu- 
nication processing unit 20 that the authentication 
response signal is valid, the communication termi- 
nal 10 receives a service response signal in step 

70 S9 and goes into a service receiving state. When it 
is not verified that the authentication response sig- 
nal is valid, the communication terminal 10 re- 
ceives an authentication error signal from the com- 
munication processing unit 20 in step S10, then 

75 erases the signals Ka[R1i] and Kb[R1i] in the 
storage area 15B in step S11 and provides an error 
display on the display 18 in step S12. In this 
instance, the user reports the abnormality of the 
communication terminal 10 to the management 

20 center of the telecommunication system. 

In the case where it is concluded in step S2 
that the signals Kc[Rii] and Kb[Rh] as the previous 
authentication request signal have already been 
stored in the storage area 15B, the current service 

25 request is a second or subsequent request and the 
communication terminal 10 performs steps S13 
through S21 in the second processing mode. That 
is, in step S13 the communication terminal 10 
sends a signal Kb[R(i-1)i] read out from the stor- 

30 age area 15B, as a service request signal SRi 
(where i 2), to the communication processing unit 
20 and in step S14 the terminal 10 deciphers, 
under the temporary authentication key Kc, the 
signal R(i-1)i from the signal Kc[R(i-1)i] read out of 

35 the storage area 15B and updates the temporary 
authentication key Kc to R(i-1)i. In step S14 the 
communication terminal 10 waits for an authentica- 
tion request from the communication processing 
unit 20, and upon receiving the enciphered signals 

40 Kc[Rii] and Kb[Rii] and the random number Ri 2 as 
the authentication request signal in step S15, the 
communication terminal 10 stores these enci- 
phered signals KcfRii ] and Kb[Rii] in the storage 
area 15B in step S16 and, at the same time, it 

45 obtains a signal Kc[Ri2} by enciphering the random 
number Ri 2 with the temporary authentication key 
Kc. Next, in step S17 the communication terminal 
10 sends the enciphered signal Kc[Ri2] as an au- 
thentication response signal to the communication 

so processing unit 20 and then enters a service re- 
sponse waiting state in step S18. The communica- 
tion terminal 10 goes into a service receiving state 
when it receives, in step S19, from the communica- 
tion processing unit 20 a service response signal 

55 indicating that the validity of the authentication re- 
sponse signal has been verified. When receiving an 
authentication error signal indicating the invalidity 
of the authentication response signal from the com- 
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munication processing unit 20 in step S20, the 
communication terminal 10 erases the signals Kc- 
[Rii] and Kb[Rii] in the storage area 15B in step 
S21, thereafter returning to step S1. Consequently, 
steps S3 through S12 in the first processing mode 5 
will be executed next. 

Fig. 12 illustrates, in block form, the construc- 
tion of the communication processing unit 20 in the 
Fig. 9 embodiment. This construction is basically 
identical with that of the communication processing 10 
unit 20 shown in Fig. 6. In the area 25C of the 
storage 25 are stored the signal Kb[R(i-1)i] re- 
ceived as a service request in the second process- 
ing mode, the updated temporary authentication 
key Kc to R(i-1)i and the new pair of random 75 
numbers Rh and R12. In the storage area 25B there 
is stored a program of the authentication procedure 
that the communication processing unit 20 in Fig. 9 
executes. In the storage area 25F there is stored a 
program for generating the pair of random numbers 20 
Rii and Ri2. The programs of various procedures 
loaded in the other storage areas 25D, 25E and 
25G are identical in contents with the programs 
stored in the corresponding storage areas in Fig. 6 
except parameters used. . 25 

Fig. 13 illustrates the authentication procedure 
of the communication processing unit 20 stored in 
the storage area 25C shown in Fig. 12. As will be 
seen from Fig. 13, the basic constitution of this 
authentication procedure is the same as that shown 30 
in Fig, 7 except the parameters used. For instance, 
in steps S3 through S1 2 of the first processing 
mode, the pair of random numbers Rii and Ri2 are 
generated and further their enciphered versions Ka- 
[Rii] and KbfRii] are created (step S6), and then 35 
these enciphered signals and the random number 
RI2 are transmitted as an authentication request 
signal to the communication terminal 10 (step S7). 
An authentication response signal Ka[R1 2 ] is re- 
ceived from the communication terminal 10 (step 40 
S9) and the validity of the authentication response 
signal is verified (step S10). In step S13 through 
S20 of the second processing mode, a signal R(i- 
1)1 deciphered from the enciphered signal Kb[R(i- 
1)i] received as a service request signal is defined 45 
as the temporary authentication key Kc (step S13), 
and a new pair of random numbers Rii and Ri2 are 
generated and a signal is created by enciphering 
the random number Rii under the authentication - 
key Kc (step S14), after which the enciphered 50 
signals Kc[Rii ] and Kb[Rii ] and the random num- 
ber Ri2 are sent as an authentication request signal 
to the communication terminal 10 (step S15). The 
authentication response signal Kb[Rl2] is received 
from the communication terminal 10 (step S17) and 55 
its validity is verified (step S18). 

Fig. 14 shows an authentication procedure 
which is used in the case of the Fig. 9 embodiment 



being applied to a handover (i.e. channel switching 
during communication or hand off during conversa- 
tion) in mobile telecommunication. At first, the mo- 
bile station 10 transmits a call originating signal. 
This corresponds to the service request signal SR1 
from the communication terminal 10 in Fig. 9. 
Thereafter, the authentication of the mobile station 
10 is made using the same procedure as in the 
first processing mode in Fig. 9 and then commu- 
nication is started. When the mobile station 10 
moves out of the current radio zone and into a new 
one afterward, the handover takes place so as to 
continue the communication. In this case, when the 
terminal 10 detects a zone change and performs 
the handover, it first transmits to a new base sta- 
tion 20b a handover request signal containing the 
signal Kb[(Ri-1)i] (where i £ 2) stored in the stor- 
age area 15B. The new base station 20b deciphers 
the received signal into the random number R(i-1)i, 
which is used as a new temporary authentication 
key Kc. Furthermore, the new base station 20b 
generates a new pair of random numbers Rii and 
Ri2 and then transmits to the terminal 10 an au- 
thentication request signal that is composed of a 
signal KcfRii] obtained by enciphering the random 
number Rii under the temporary authentication key 
Kc, a signal Kb[Rh] obtained by enciphering the 
random number Rii under the authentication key 
Kb, and the random number Ri 2 . The terminal 10 
stores the received signals Kc[Rh] and Kb[Rii] 
and, at the same time, generates an enversion Kc- 
[Ri2] of the random number Ri 2 by using the ran- 
dom number R(i-1)i as the temporary authentica- 
tion key Kc, the enciphered signal Kc[Ri 2 ] being 
sent as an authentication response signal to the 
new base station 20b. Upon completion of the 
authentication, the new base station 20b sends a 
handover acceptance signal to the terminal 10, 
which recognizes therefrom the completion of the 
authentication. 

The embodiment of Fig. 9 has been described 
in connection with the authentication method in the 
case of generating the pair of random numbers Rii 
and Ri 2 for each service request, but it is also 
possible to employ a method according to which 
one of the random numbers is omitted and the 
communication terminal 10 sends back, as the 
authentication response signal, a signal Kc[Kb[Ri]] 
produced by enciphering the one enciphered ran- 
dom number Kb[Ri] received as the authentication 
request signal, using the key Kc (where Kc = Ka 
when i = 1). The authentication procedures of the 
first and second processing modes are shown in 
Fig. 15 in correspondence with Fig. 9 and only 
principal processing different from that in the Fig. 9 
embodiment will be described below. 

As shown in Fig. 15, in the first processing 
mode, the communication processing unit 20 gen- 
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erates one random number R1 and creates enci- 
phered signals Ka[R1] and Kb[R1] in step S4, then 
transmits these enciphered signals as an authen- 
tication request signal to the communication termi- 
nal 10 in step S5. The communication terminal 10 
stores these enciphered signals Ka[R1] and Kb[R1] 
and enciphers the signal Kb[R1] using the authen- 
tication key Ka (step S9) and returns the enci- 
phered signal Ka[Kb[Rl ]] as an authentication re- 
sponse signal to the communication processing 
unit 20 (step S7). Since the communication pro- 
cessing unit 20 has the key Kb preassigned thereto 
and the key Ka obtained as the result of the 
service request to the storage 30, it is capable of 
obtaining a signal R1 by deciphering the received 
authentication response signal Kc[Kb[R1]] and 
matching it with the random number R1 generated 
in step S4. Alternatively, a signal Kc[Kb[R1]], which 
is produced by enciphering the random number R1 
generated in step S4, using the keys Kb and Ka, 
may be matched with the received authentication 
response signal Kc[Kb[R1]]. 

Similarly, each time a service request is made 
in the second processing mode (i £ 2), the commu- 
nication processing unit 20 generates one random 
number Ri and creates enciphered signals Kc[Ri] 
and Kb[Ri] in step S14. These enciphered signals 
are sent as an authentication request signal to the 
communication terminal 10. The communication 
terminal 10 stores the received enciphered signals 
Kc[Ri] and Kb[Ri] and enciphers the signal Kb[Ri] 
by the temporary authentication key Kc (step S16), 
then sends the enciphered signal Kc[Kb[Ri]] as an 
authentication response signal back to the commu- 
nication processing unit 20. As in the case of the 
first processing mode, the communication process- 
ing unit 20 is capable of verifying the validity of the 
authentication response signal Kc[Kb[Ri]] by use of 
the keys Kb and Kc. As will be seen from the 
above, in this embodiment, the communication ter- 
minal 10 regards, as a random number, the enci- 
phered random number Kb[Ri] received as part of 
the authentication request signal, as is the case 
with the one random number Ri 2 of the random 
number pair in the Fig. 9 embodiment, and this 
enciphered random number is further enciphered 
and sent as an authentication response signal back 
to the communication processing unit 20. Also in 
the embodiment of Fig. 15, the temporary authen- 
tication key Kc is updated by R(i-1) for each ser- 
vice request in step S12 as in the case of the Fig. 
9 embodiment -- this provides increased security 
for the communication between the terminal 10 and 
the communication processing unit 20. Moreover, 
the updating of the temporary authentication key 
Kc in the communication terminal 10 may also be 
made at the end of the authentication processing 
for each service request as in steps S9 and S19 



indicated by the broken lines in Fig. 15. 

The constructions of the communication termi- 
nal 10 and the communication processing unit 20 
are basically identical with the constructions shown 

5 in Figs. 10 and 12, respectively, and hence they 
are not shown. Further, the authentication proce- 
dures that the terminal 10 and processing unit 20 
execute are the same as the procedures shown in 
Figs. 11 and 13, respectively, except the points 

io described above with reference to Fig. 15; hence 
such authentication procedures are not shown. Be- 
sides, it is evident that the Fig. 15 is applicable to 
the handover processing in mobile telecommunica- 
tion as is the case with the Fig. 9 embodiment, and 

75 the authentication procedure therefor is shown in 
Fig. 16, but no description will be given thereof 
since its contents can easily be understood by 
referring to Fig. 14. 

In the above embodiments the mode specify- 

20 ing information M for distinguishing between the 
first and second processing modes may be in- 
serted in the signal that are sent from the commu- 
nication terminal 10 to the communication unit 20, 
or the presence or absence of the information Kb- 

25 [Ri] may also be used to distinguish between the 
two modes. 

Fig. 17 illustrates the procedure following the 
basic principles of the authentication method ac- 
cording to the present invention applied to the 

30 three embodiments of Figs. 3, 9 and 15. As de- 
scribed previously, the communication processing 
unit 20 responds to an i-th (i = 1) communication 
request to perform the authentication processing in 
the first processing mode. That is, in steps S2 and 

35 S3 the authentication key Ka corresponding to the 
communication terminal 10 is read out from the 
storage 30, and in step S4 enciphered authentica- 
tion information Xbi for the communication pro- 
cessing unit 20, enciphered authentication informa- 

40 tion Xai for the communication terminal 10 and 
random information Yi are generated. The pieces of 
enciphered information Xbi and Xai are related to 
the authentication keys Kb and Ka and correspond 
to the pieces of enciphered information Kb[Ka], Ka- 

45 [Ri], Kb[Ri], etc. in the embodiments described 
previously. The random information Yi corresponds 
to the afore-mentioned random numbers Ri, Ri2 
and Kb[Ri]. The communication terminal 10 re- 
ceives the pieces of enciphered authentication in- 

so formation Xbi and Xai and the random information 
Yi as an authentication request signal and, in step 
S6, stores the pieces of enciphered authentication 
information Xbi and Xai as information for generat- 
ing the authentication key that is to be used in the 

55 next second processing mode. On the other hand, 
the random information Yi is enciphered using the 
authentication key Ka and returned as an authen- 
tication response signal Ka[Yi] to the communica- 
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tion processing unit 20, which in turn verifies the 
response signal Ka[Yi] using the authentication key 
Ka and the random information Yi (step S8). 

For a second or subsequent communication 
request (i £ 2), the authentication processing is 5 
executed in the second processing mode. That is, 
enciphered authentication information Xb(i-1 ) re- 
ceived in the previous processing is sent as the 
communication request signal SRi from the com- 
munication terminal 10 to the communication pro- w 
cessing unit 20 (step S11). At the same time, the 
communication terminal 1 0 deciphers the enci- 
phered authentication information Xa(i-1) to obtain 
an authentication key Kci that is to be used (step 
S12). The communication processing unit 20 de- 75 
ciphers, in step S13, the previous enciphered au- 
thentication information Xb(i-1) currently received 
as the communication request signal SRi and uses 
the deciphered signal as the authentication key Kci 
in the current authentication process. Moreover, the 20 
communication processing unit 20 generates new 
pieces of enciphered authentication information Xbi 
and Xai and random information Yi and transmits 
them as an authentication request signal to the 
communication terminal 10. The terminal 10 enci- 25 
phers the random information Yi using the authen- 
tication key Kci generated in step S12 (step S16) 
and sends it the enciphered random information as 
an authentication response signal Kc[Yi] back to 
the communication unit 20 (step S16). The commu- 30 
nication processing unit 20 verifies the validity of 
the response signal in step S17. 

According to the authentication procedure of 
Fig. 17, in the case of the Fig. 3 embodiment, the 
enciphered authentication information Xai for the 35 
communication terminal 10 is omitted and informa- 
tion Kb[Ka], produced by enciphering the authen- 
tication key Ka of the communication terminal 10 
using the authentication key Kb of the communica- 
tion processing unit 20, is used as the enciphered 40 
authentication information Xbi for the communica- 
tion processing unit 20. In the second processing 
mode, the communication terminal 10 always uses 
the same information Kb[Ka] as the communication 
request signal and the signal Ka as the authentica- 45 
tion key (Kci = Ka). Hence, the process of step 
S12 is omitted. On the other hand, the communica- 
tion processing unit 20 does not produce enci- 
phered authentication information in step S13 but 
instead generates the random number Ri as the 50 
random information Yi and transmits it as an au- 
thentication request signal to the communication 
terminal 10 in step S14. Thus, the Fig. 3 embodi- 
ment is simplified in the procedure in the second 
processing mode, but there is the possibility of 55 
communication being wiretapped, because the 
same information KbfKa] is always used as the 
communication request signal in step S11, as re- 



ferred to previously. 

The embodiment of Fig. 9 is a faithful materi- 
alization of the basic authentication procedure 
shown in Fig. 17. The one random number Rh of 
the pair of random numbers Rit and Ri 2 as enci- 
phered authentication information for the commu- 
nication processing unit 20 and the communication 
terminal 10 is enciphered by the authentication 
keys Kb and Kci to obtain pieces of information Kb- 
[Rii] and KcifRii ], and the other random number 
Ri 2 as the random information Yi. According to the 
Fig. 9 embodiment, the information Kb[Rh ] used as 
a communication request signal changes for each 
communication request, providing increased secu- 
rity against wiretapping. In the Fig. 15 embodiment, 
the one random number Ri 2 of the pair of random 
numbers Rh and Ri 2 is replaced with the signal 
Kb[Rii] in Fig. 9. To this end, the random number 
Ri is generated and pieces of information KbfRi] 
and Kci[Ri] are produced as the enciphered au- 
thentication information Xbi and Xai; in this case, 
the information Kb[Ri] serves also as the random 
information Yi. 

As described above, according to the present 
invention, since the communication processing unit 
20 needs not to receive the authentication key Kc 
of the communication terminal 10 from the storage 
30, the authentication processing time can be re- 
duced accordingly -- this leads to reduction of the 
communication processing time and alleviation of a 
connection delay. 

It will be apparent that many modifications and 
variations may be effected without departing from 
the scope of the novel concepts of the present 
invention. 

Claims 

1. In a communication system which includes a 
communication processing unit having a first 
authentication key Kb and performing commu- 
nication processing, a communication terminal 
having a second authentication key Ka unique 
thereto and connected via a communication 
channel to said communication processing 
unit, and. a storage storing said second authen- 
tication key Ka for authenticating said commu- 
nication terminal and responsive to a request 
from said communication processing unit to 
. provide thereto said second authentication key 
Ka, an authentication method whereby said 
communication processing unit verifies-the va- 
lidity of said communication terminal when re- 
ceiving therefrom a communication request; 

said authentication method including a 
step wherein said communication processing 
unit responds to a communication request sig- 
nal from said communication terminal to deter- 
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mine if said communication request signal is a 
first one and if so, a first processing mode is 
executed and if not, a second processing 
mode is executed; 

A. said first processing mode comprising 5 
the steps: 

wherein said communication processing 

unit: 

(a) responds to said communication re- 
quest from said communication terminal 10 
to acquire said second authentication key 

Ka of said communication terminal from 
said storage; and 

(b) generates authentication information 

Xbi enciphered by said first authentica- 75 
tion key Kb and random information Yi 
and transmits an authentication request 
signal containing said pieces of informa- 
tion, to said communication terminal; 

wherein said communication termi- 20 

nal: 

(c) transmits information Ka[Yi] as an au- 
thentication response signal to said com- 
munication processing unit, said informa- 
tion Ka[Yi] being obtained by enciphering 25 
said random information Yi with said sec- 
ond authentication key Ka; and 

(d) stores said enciphered authentication 
information Xbi; and 

wherein said communication pro- 30 
cessing unit: 

(e) verifies said authentication response 
signal using said second authentication 
key Ka; and 

B. said second processing mode compris- 35 
ing the steps: 

wherein said communication terminal: 

(f) transmits to said communication pro- 
cessing unit a communication request 
signal containing said enciphered authen- 40 
tication information Xbi obtained by au- 
thentication processing executed in re- 
sponse to the previous communication 
request; 

wherein said communication pro- 45 
cessing unit: 

(g) deciphers said enciphered authentica- 
tion information Xbi into a deciphered 
authentication key Kci; 

(h) generates new random information Yi; so 
and 

(i) transmits an authentication request 
signal containing said random informa- 
tion Yi to said communication terminal; 

wherein said communication termi- 55 

nal: 

(j) enciphers said received random in- 
formation Yi by said authentication key 



Kci and sends said enciphered random 
information as an authentication response 
signal to said communication processing 
unit; and 

wherein said communication pro- 
cessing unit: 

(k) verifies* said received authentication 
response signal using said deciphered 
authentication key Kci. 

2. The method of claim 1 wherein said step (b) is 
a step wherein information Kb[Ka] produced by 
enciphering said second authentication key Ka 
by said first authentication key Kb is generated 
as said enciphered authentication information 
Xbi and wherein said communication terminal 
uses said second authentication key Ka as 
said authentication key Kci in said step (j) of 
said second processing mode. 

3. The method of claim 1 wherein: 

said step (b) comprises a step of generat- 
ing first and second random numbers Rii and 
Ri2 and a step of enciphering said first random 
number Rii by said first and second authen- 
tication keys Kb and Ka to obtain first and 
second enciphered random numbers Kb[Rii] 
and Ka[Rii ], said first enciphered random num- 
ber KbfRii] being used as first authentication 
information for said communication processing 
unit, said second enciphered random number 
Ka[Rii] being as second enciphered authen- 
tication information for said communication ter- 
minal and said authentication request signal 
which is sent to said communication terminal 
containing said second random number Ri 2 as 
said random information Yi and said first and 
second enciphered authentication information 
Kb[Rh] and Ka[Rii ], said i being 1 represent- 
ing first authentication processing; 

said step (d) is a step of storing said 
second enciphered authentication information 
Ka[Rii ] together with said first enciphered au- 
thentication information; 

said second processing mode includes a 
step wherein a first random number R(i-1)i 
obtained by deciphering previous second enci- 
phered authentication information Kc[R(i-1)i] 
stored in said communication terminal is up- 
dated as said authentication key Kci that said 
communication terminal is to use in authentica- 
tion processing for the current communication 
request; 

said enciphered authentication information 
Xbi in said step (f) is first enciphered random 
number Kb[R(i-1)i] obtained in authentication 
processing for the previous communication re- 
quest, i being an integer equal to or greater 
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than 2; 

said "step (g) is a step wherein a first 
random number R(i-1)i obtained by decipher- 
ing said first enciphered authentication infor- 
mation Kb[R(i-1)i] is obtained as said deci- 
phered authentication key Kci; 

said step (h) comprises a step of generat- 
ing new first and second random number Rj 1 
and Ri 2 , said second random number Ri 2 be- 
ing obtained as a new version of said random 
information Yi and a step of enciphering said 
first random number Rii by said first authen- 
tication key Kb and said deciphered authen- 
tication key Kci to generate first and second 
pieces of enciphered authentication information 
Kb[Rh] and KcifRii]; 

said step (i) is a step wherein said second 
random number Ri 2 and said first and second 
pieces of enciphered authentication' information 
KbfRii] and KcifRii] as said random informa- 
tion Yi are sent, as information contained in 
said authentication request signal, to said com- 
munication terminal; and 

said step (j) includes a step of storing said 
first and second pieces of enciphered authen- 
tication information Kb[Rii] and KcifRii] re- 
ceived from said communication processing 
unit. 

The method of claim 1 wherein: 

said step (b) comprises a step of generat- 
ing first and second random numbers Rii and 
Ri 2 and a step of enciphering said first random 
number RK by said first and second authen- 
tication keys Kb and Ka to obtain first and 
second enciphered random numbers Kb[Rii] 
and Ka[Rii], said first enciphered random num- 
ber KbfRii ] being used as said first enciphered 
authentication information for said communica- 
tion processing unit, said second enciphered 
random number KafRh ] being used as second 
enciphered authentication information for said 
communication terminal, said authentication re- 
quest signal which is sent to said communica- 
tion terminal containing said second random 
number Ri 2 as said random information Yi and 
said first and second pieces of enciphered 
authentication information KbfRii] and KafRh], 
said i being 1 representing first authentication 
processing; 

said step (d) is a step of storing said 
second enciphered authentication information 
KafRh] together with said first enciphered au- 
thentication information; 

said enciphered authentication information 
Xbi in said step (f) is a first enciphered random 
number Kb[R(i-1)i] obtained in authentication 
processing for the previous communication re- 



quest, said i being an integer equal to or 
greater than 2; 

said step (g) is a step of obtaining, as said 
deciphered authentication key Kci, a first ran- 
dom number R(i-1)i obtained by deciphering 
said first enciphered authentication information 
Kb[R(i-1),]; 

said step (h) comprises a step of generat- 
ing new first and second random numbers Rh 
and Ri 2l said second random number Ri 2 be- 
ing obtained as a new version of said random 
information Yi, and a step of enciphering said 
first random number Rii by said first authen- 
tication key Kb and said deciphered authen- 
tication key Kci to generate first and second 
pieces of enciphered authentication information 
Kb[Rii ] and KcifRii ]; 

said step (i) is a step wherein said second 
random number Ri 2 as said random informa- 
tion Yi and said first and second pieces of 
enciphered authentication information KbfRii] 
and Kci[Rii ] are sent, as information contained 
in said authentication request signal, to said 
communication terminal; 

said step (j) includes a step of storing said 
first and second pieces of authentication in- 
formation Kb[Rii] and KcifRh ] received from 
said communication processing unit; and 

said second processing mode includes a 
step wherein a first random number Rh ob- 
tained by deciphering said first enciphered 
random number Kci[Rii] received by said 
communication terminal in authentication pro- 
cessing for the current communication request 
is updated, in said communication terminal, as 
a deciphered authentication key Kci that said 
communication terminal is to use in authentica- 
tion processing for the next communication 
request. 

5. The method of claim 1 wherein: 

said step (b) comprises a step of generat- 
ing a random number Ri and a step of enci- 
phering said random number Ri by said first 
and second authentication keys Kb and Ka to 
obtain first and second enciphered random 
numbers KbfRi] and Ka[Ri], said first enci- 
phered random number KbfRi] being used as 
said first enciphered authentication information 
for said communication processing unit, said 
second enciphered random number KafRi] be- 
ing used as said second enciphered authen- 
tication information for said communication ter- 
minal and said first enciphered random num- 
ber KbfRi] being used also as said random 
information Yi, said i being 1 representing first 
authentication processing; 

said second processing mode includes a 
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step wherein a random number R(i-1) obtained 
by deciphering previous enciphered authen- 
tication information .Kci[R(i-1)] stored in said 
communication terminal is updated as a de- 
ciphered authentication key Kci that said com- 5 
munication terminal is to use in authentication 
processing for the current communication re- 
quest; 

said first enciphered authentication infor- 
mation Xbi contained in said communication 10 
request signal in said step (f) is said first 
enciphered authentication information Kb[R(i- 
1)] obtained in authentication processing for 
the previous communication request; 

said step (g) is a step of deciphering said 15 
first enciphered authentication information Kb- 
[R(i-1)] to obtain a random number R(i-1) as 
said deciphered authentication key Kci; 

said step (h) is a step of generating a 
random number Ri, enciphering said random 20 
number Ri by said first authentication key Kb 
and said deciphered authentication key Kci to 
obtain first and second enciphered random 
numbers Kb[Ri] and KcifRi] as new versions of 
said first and second pieces of enciphered 25 
authentication information, and obtaining said 
first enciphered authentication information Kb- 
[Ri] as a new version of said random informa- 
tion Yi, said i being an integer equaJ to or 
greater than 2; 30 

said step (i) is a step of sending said 
authentication request signal containing said 
first enciphered authentication information to 
said communication terminal; and 

said step (j) is a step wherein information 35 
Kci[Kb[Ri]] obtained by enciphering said first 
enciphered random number Kb[Ri] using said 
deciphered authentication key Kci is sent back 
to said communication processing unit togeth- 
er with said authentication signal. 40 

The method of claim 1 wherein: 

said step (b) comprises a step of generat- 
ing a random number Ri and a step of enci- 
phering said random number Ri by said first 45 
and second authentication keys Kb and Ka to 
obtain first and second enciphered random 
numbers KbfRi] and Ka[Ri], said first enci- 
phered random number Kb[Ri] being used as 
said first enciphered authentication information so 
for said communication unit, said second enci- 
phered random number Ka[Ri] being used as 
second enciphered authentication information 
for said communication terminal and said first 
enciphered random number Kb[Ri] being used 55 
also as said random information Yi, said i be- 
ing 1 representing first authentication process- 
ing; 



said first enciphered authentication infor- 
mation Xbi contained in said communication 
request signal in said step (f) is said first 
enciphered authentication information Kb[R(i- 
1)] obtained in authentication processing for 
the previous communication request; 

said step (g) is a step of deciphering said 
enciphered authentication information Kb[R(i- 
. 1)] to obtain a random number as said de- 
ciphered authentication key Kci; 

said step (h) is a step of generating a 
random number Ri, enciphering said random 
number ri by said first authentication key Kb 
and said deciphered authentication key Kci to 
obtain first and second enciphered random 
numbers Kb[Ri] and KcifRi] as new versions of 
said first and second pieces of enciphered 
authentication information, and obtaining said 
first enciphered authentication "information Kb- 
[Ri] as a new version of said random informa- 
tion Yi ( said i being an integer equal to or 
greater than 2; 

said step (i) is a step of sending said 
authentication request signal containing said 
first enciphered authentication information Kb- 
[Ri] to said communication terminal; 

said step (j) is a step wherein information 
Kci[Kb[Ri]] obtained by enciphering said first 
enciphered random number Kb[Ri] using said 
deciphered authentication key Kci is sent back 
to said communication processing unit togeth- 
er with said authentication response signal; 
and 

said second processing mode includes a 
step wherein a random number Ri obtained by 
deciphering said second enciphered random 
number Kci received by said communication 
terminal in authentication processing for the 
current communication request is updated as a 
deciphered authentication key Kci that said 
communication terminal is to use in authentica- 
tion processing for the next communication 
request. 

7. The method of claim 1 wherein said step (e) of 
said first processing mode is a step of verify- 
ing that information obtained by deciphering 
said authentication response signal received 
from said communication terminal, using said 
second authentication key Ka, matches said 
random information Yi transmitted as said au- 
thentication request signal to said communica- 
tion terminal match each other. 

8. The method of claim 1 wherein said step (k) of 
said second processing mode is a step of 
verifying that information obtained by decipher- 
ing said authentication response signal re- 
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ceived from said communication terminal, 
through use of said deciphered authentication 
key Kci, matches said random information Yi 
transmitted as said authentication request sig- 
nal to said communication terminal. 

9. The method of claim 1 wherein said step (e) of 
said first processing mode is a step of verify- 
ing that information obtained by enciphering 
said random information Yi sent as said au- 
thentication request signal to said communica- 
tion terminal, through use of said second au- 
thentication key Ka, matches said authentica- 
tion response signal. 

10. The method of claim 1 wherein said step (k) of 
said second processing mode is a step of 
verifying that information obtained by encipher- 
ing said random information Yi sent as said 
authentication request signal to said commu- 
nication terminal, through use of said deci- 
phered authentication key Kci, matches said 
authentication response signal. 

11- The method of claim 1 wherein said commu- 
nication terminal is a portable station, said 
communication processing unit is a base sta- 
tion in a mobile telecommunication system, 
said communication request signal in said first 
processing mode is an originating call and said 
communication request signal in said second 
processing mode is a signal for requesting 
channel switching during communication. 

12. The method of claim 1 wherein said commu- 
nication terminal is an IC- card in an IC card 
system and said communication processing 
unit is a card reader. 

13. In a telecommunication system which com- 
prises a communication terminal having a 
unique second authentication key Ka, a com- 
munication processing unit having a first au- 
thentication key Kb, connected via a commu- 
nication channel to said communication termi- 
nal and responsive to a communication request 
signal from said communication terminal to 
verify the validity of said communication termi- 
nal, and a storage storing said second authen- 
tication key Ka for the authentication of said 
communication terminal and responsive to a 
request from said communication processing 
unit to provide thereto said second authentica- 
tion key Ka, said communication terminal com- 
prising: 

means for receiving, as an authentication 
request signal from said communication pro- 
cessing unit, random information Yi and enci- 



phered authentication information Xbi enci- 
phered by said first authentication key Kb; 

means whereby said random information 
Yi contained in said authentication request sig- 
nal received from said communication pro- 
cessing unit is enciphered with said second 
authentication key Ka to generate an authen- 
tication response signal to be sent back to said 
communication processing unit and said ran- 
dom information Yi contained in said authen- 
tication request signal received in response to 
a second or subsequent communication re- 
quest is enciphered with an authentication key 
Kci to generate said authentication response 
signal; 

storage means for storing said enciphered 
authentication information contained in said au- 
thentication request signal; and 

means for sending a communication re- 
quest signal containing identification informa- 
tion, in said first communication request, and 
for sending, in said second or subsequent 
communication request, a communication re- 
- quest signal containing said enciphered au- 
thentication information Xbi read out from said 
storage means. 

14. In a telecommunication system which com- 
prises a communication terminal having a 
unique second authentication key Ka, a com- 
munication processing unit having a first au- 
thentication key Kb, connected via a commu- 
nication channel to said communication termi- 
nal and responsive to a communication request 
signal from said communication terminal to 
verify the validity of said communication termi- 
nal, and a storage storing said second authen- 
tication key Ka for the authentication of said 
communication terminal and responsive to a 
request from said communication processing 
unit to provide thereto said second authentica- 
tion key Ka, said communication processing 
unit comprising: 

means for determining if said communica- 
tion request signal received from said commu- 
nication terminal is a first communication re- 
quest signal; 

means for obtaining said second authen- 
tication key Ka from said storage in the case, of 
a first communication request; 

means responsive to each communication 
request to generate random information Yi; 

means responsive to said first communica- 
tion request signal to generate enciphered au- 
thentication information Xbi enciphered by said 
first authentication key Kb of said communica- 
tion processing unit; 

means for sending said enciphered au- 
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thentication information Xbi as a first authen- 
tication request signal to said communication 
terminal and for sending at least said random 
information Yi as said second or subsequent 
authentication request signal to said commu- 
nication terminal; 

means for receiving said second or subse- 
quent communication request signal and for 
obtaining a deciphered authentication key Kci 
by deciphering said enciphered authentication 
information contained in said second or subse- 
quent communication request signal and sent 
to said communication terminal in the previous 
authentication processing; and 

means for verifying the validity of an au- 
thentication response signal from said commu- 
nication terminal through use of said deci- 
phered authentication key Kci and said random 
information Yi. 

15. The communication terminal of claim 13 
wherein: said random information Yi contained 
in said authentication request signal received 
from said communication processing unit is a 
random number Ri; said enciphered authen- 
tication information Xbi contained in said first 
communication request signal is information 
Kb[Ka] obtained by enciphering said second 
authentication key Ka with said first authentica- 
tion key Kb; said authentication response sig- 
nal generating means generates, as said au- 
thentication response signal, information Ka[Ri] 
obtained by enciphering said received random 
number Ri with said second authentication key 
Ka; and said communication request signal 
generating means generates a communication 
request signal containing identification informa- 
tion ID of said communication terminal in said 
first communication request and generates a 
communication request signal containing said 
enciphered information Kb[Ka] read out from 
said storage means in said second or subse- 
quent communication request. 

16. The communication processing unit of claim 
14 wherein: said enciphered authentication in- 
formation generating means is means for gen- 
erating, as said enciphered authentication in- 
formation Xbi, information Kb[Ka] obtained by 
enciphering said second authentication key Ka 
with said first authentication key Kb; and said 
authentication request signal sending means is 
means for sending said enciphered authentica- 
tion information Kb[Ka] and said random in- 
formation Yi as said first authentication request 
signal to said communication terminal and for 
sending said random information Yi as said 
second or subsequent authentication request 



signal to said communication terminal. 

17. The communication terminal of claim 13 
wherein: 

5 said authentication request signal received 

from said communication processing unit for 
each communication request comprises first 
and second enciphered random numbers Kb- 
[Rii] and Kci[Rii] obtained by enciphering a 

70 first random number Ri| with said first authen- 

tication key Kb and a deciphered authentica- 
tion key Kci, as said first enciphered authen- 
tication information Xbi and second enciphered 
information Xai, and a second random number 

rs Ri2 as said random information Yi; 

means is provided for obtaining a first ran- 
dom number R(i-1)i by deciphering said sec- 
ond enciphered random number Kci[R(i-1)i] 
received from said communication processing 

20 unit in authentication processing for the pre- 

vious communication request, said first random 
number R(M)i being used as the current de- 
ciphering authentication key Kci, where i £ 2 
and in the case of i = 1 , Kci = Ka; 

25 said storage means is means for storing 

said first and second pieces of enciphered 
information Kb[Rh] and Kci[Rii] contained in 
said authentication request signal received 
from said communication processing unit in 

30 response to an i-th communication request sig- 

nal, where in the case of i = 1, Kci = Ka; 

said communication request signal gen- 
erating means is means whereby in said sec- 
ond or subsequent communication request, 

35 said first enciphered authentication information 

Kb[R(i-1)i] stored in said storage means in the 
previous authentication processing is gener- 
ated as said enciphered authentication infor- 
mation Xbi contained in said communication 

40 request signal; and 

said authentication response signal gen- 
erating means is means whereby in an i-th 
communication request, information Kci[Ri2] 
obtained by enciphering with said deciphered 

45 authentication key Kci said second random 

number contained in said authentication re- 
quest signal received from said communication 
unit is generated as said authentication re- 
sponse signal, where in the case of i = 1, Kci 

so = Ka. 

18. The communication terminal of claim 13 
wherein: 

said communication request signal which 
55 is received from said communication process- 

ing unit for each communication request con- 
tains first and second enciphered random 
numbers Kb[Rii] and Kci[Rii] obtained by en- 
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ciphering a first random number Rh with said 
first authentication key Kb and a deciphered 
authentication key Kci, as said first enciphered 
authentication information Xbi and second en- 
ciphered authentication information Xai", re- 
spectively, and a second random number Ri 2 
as said random information; 

said storage means is means for storing 
said first and second pieces of enciphered 
authentication information KbfRii ] and Kci[Rii ] 
contained in an authentication request signal 
received from said communication processing 
unit in response to an i-th communication re- 
quest, where in the case of i = 1^ Kci = Ka; 

said communication request signal gen- 
erating means is means whereby in said sec- 
ond or subsequent communication request, 
said first enciphered authentication information 
KbtRfl-1)!] stored in said storage means in the 
previous authentication processing is gener- \ 
ated as said enciphered authentication infor- 
mation Xbi contained in said communication 
request signal; 

said authentication response signal gen- 
erating means is means whereby in an i-th 2 
communication request, information Kci[Ri 2 ] 
obtained by enciphering, with said deciphered 
authentication key Kci, said second random 
number Ri 2 contained in said authentication 
request signal received from said communica- 3< 
tion processing unit is generated as said au- 
thentication response signal,* where in the case 
of i = 1 , Kci - Ka; and 

means is provided whereby a first random 
number Rh is obtained by deciphering said 3< 
second enciphered authentication information 
KcifRh] from said communication processing 
unit through use of said deciphered authentica- 
tion key Kci used for the generation of said 
authentication response signal and said first 40 
random number Rh is updated as deciphered 
authentication key Kc{i + 1) in authentication 
processing for the next communication re- 
quest, where in the case of i = 1 , Kci = Ka. 

45 

9. The communication processing unit of claim 
14 wherein: 

said random information generating means 
has means for generating a pair of first and 
second random numbers Ri t and- Ri 2 in re-- so 
sponse to each reception of said communica- 
tion request signal and for outputting said sec- 
ond random number Ri 2 as said random in- 
formation Yi; 

hen said communication request is a sec- 55 
ond or subsequent request, said communica- 
tion request signal contains said first enci- 
phered authentication information Kb[R(i-1)!] 



as said enciphered authentication information 
Xbi sent to said communication terminal, said 
means for generating said deciphered authen- 
tication key Kci being means for deciphering 
said previous first enciphered authentication 
information Kb[R(i-1)!] to obtain a first random 
number R(i-1)i as said deciphered authentica- 
tion key Kci; 

said enciphered authentication information 
generating means is means whereby, in re- 
sponse to an i-th communication request, first 
and second enciphered random numbers Kb- 
fRii] and Kci[Rii], obtained by enciphering 
said first random number Rh from said ran- 
dom information generating means with said 
first authentication key Kb and said deciphered 
authentication key Kci, are generated as said 
first and second pieces of enciphered authen- 
tication information Xbi and Xai, respectively, 
where in the case of i = 1 , Kci = Ka; and 

said verifying means is means whereby, in 
said first communication request, the validity of 
said authentication response signal Ka[Ri 2 ] re- 
ceived from said communication terminal is 
verified using said second authentication key 
Ka and said second random number Ri 2 and, in 
a second or subsequent communication re- 
quest, the validity of said authentication re- 
sponse signal Kci[Ri 2 ] received from said com- 
munication terminal is verified using said de- 
ciphered authentication key Kci and said sec- 
ond random number Ri 2 . 

20. The communication terminal of claim 13 
wherein: 

said authentication request signal which is 
received from said communication processing 
unit for each communication request contains, 
as said first enciphered authentication informa- 
tion Xbi and second enciphered authentication 
information Xai, first and second enciphered 
random numbers Kb[Ri] and KcifRi] obtained 
by enciphering a random number Ri with said 
first authentication key Kb and said deciphered 
authentication key Kci, and said first enci- 
phered random number KbfRi] is used also as 
said random information Yi; 

means is provided whereby said second 
enciphered random number Kci[R(i-l)] re- 
ceived from said communication processing 
unit in authentication processing for the pre- 
vious communication request is deciphered to 
obtain a random number R(i-1) as the current 
deciphered authentication key Kci, where i > 2 
and in the case of i = 1, Kci = Ka; 

said storage, means is means for storing 
said first and second pieces of enciphered 
authentication information KbfRi] and KcifRi] 
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contained in an authentication request signal 
received from said communication processing 
unit in response to an i-th communication re- 
quest signal, where in the case of i = 1, Kci = 
Ka; 

said communication request signal gen- 
erating means is means whereby, in said sec- 
ond or subsequent communication request, 
said first enciphered authentication information 
Kb[R(i-1)] stored in said storage means in the 
previous authentication processing is gener- 
ated as said enciphered authentication infor- 
mation Xbi contained in said communication 
request signal; and 

said authentication response signal gen- 
erating means is means whereby, in said i-th 
communication request, information Kci[Kb[Ri]- 
], obtained by enciphering, with said deci- 
phered 'authentication key Kci, said first enci- 
phered random number Kb[Ri] contained in 
said authentication request signal received 
from said communication processing unit, is 
generated as said authentication response sig- 
nal, where in the case of i = 1, Kci = Ka. 

21. The communication terminal of claim 13 
wherein: 

said authentication request signal which is 
received from said communication processing 
unit for each communication request contains, 
as said first enciphered authentication informa- 
tion Xbi and second enciphered authentication 
information Xai, first and second enciphered 
random numbers Kb[Ri] and Kci[Ri] obtained 
by enciphering a random number Ri with said 
first authentication key Kb and said deciphered 
authentication key Kci, and said first enci- 
phered random number Kb[Ri] is used also as 
said random information Yi; 

said storage means is means for storing 
said first and second pieces of enciphered 
authentication information Kb[Ri] and Kci[Ri] 
contained in an authentication request signal 
received from said communication processing 
unit in response to an i-th communication re- 
quest signal, where in the case of i = 1, Kci = 
Ka; 

said communication request signal gen- 
erating means' is means whereby, in said sec- 
ond or subsequent communication request, 
said first enciphered authentication information 
Kb[R(i-1)] stored in said storage means in the 
previous authentication processing is gener- 
ated as said enciphered authentication infor- 
mation Xbi contained in said communication 
request signal; 

said authentication response signal gen- 
erating means is means whereby, in said i-th 



communication request, information Kci[Kb[Ri]- 
], obtained by enciphering, with said deci- 
phered authentication key Kci, said first enci- 
phered random number Kb[Ri] contained in 

5 said authentication request signal received 

from said communication processing unit, is 
generated as said authentication response sig- 
nal, where in the case of i = 1, Kci = Ka; and 
means is provided whereby a random 

10 number Ri is obtained by deciphering said 

second enciphered authentication information 
Kci[Ri] from said communication processing 
unit through use of said deciphered authentica- 
tion key Kci used for the generation of said 

75 authentication response signal and said ran- 

dom number Ri is updated as deciphered au- 
thentication key Kc(i + 1) in authentication pro- 
cessing for the next communication request, 
where in the case of i = 1 , Kci = Ka. 

20 

22. The communication processing unit of claim 
14 wherein: 

said random information generating means 
has means for generating a random number Ri 

25 in response to each reception of said commu- 

nication request signal; 

when said communication request is a 
second or subsequent request, said commu- 
nication request signal contains said first enci- 

30 phered authentication information Kb[R(i-1)] as 

said enciphered authentication information Xbi 
sent to said communication terminal, said 
means for generating said deciphered authen- 
tication key Kci being means for deciphering 

35 said previous first enciphered authentication 

information Kb[R(i-1)] to obtain a random num- 
ber R(i-1) as said deciphered authentication 
key Kci; 

said enciphered authentication information 

40 generating means is means whereby, in re- 

sponse to an i-th communication request, first 
and second enciphered random numbers Kb- 
[Ri] and Kci[Ri], obtained by enciphering said 
random number Ri from said random informa- 

45 tion generating means with said first authen- 

tication key Kb and said deciphered authen- 
tication key Kci, are generated as said first and 
second pieces of enciphered authentication in- 
formation Xbi and Xai, respectively, said first 

so enciphered random number Kb[Ri] being used 

also as said random information Yi which said 
random information generating means outputs, 
where in the case of i = 1 , Kci = Ka; and 

said verifying means is means whereby, in 

55 said first communication request, the validity of 

said authentication response signal Ka[Ri] re- 
ceived from said communication terminal is 
verified using said second authentication key 
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Ka and said random number Ri and, in a 
second or subsequent communication request 
the validity of said authentication response sig- 
nal KcifRi] received from said communication 
terminal is verified using said deciphered au- 
thentication key Kci and said random number 
Ri. 
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